G2 doesn’t have rootkit, it’s just the same old NAND lock

The Android modding community denies claims that the HTC G2 has a hardware …

Policy group New America has written a scathing blog entry that criticizes the HTC G2 for including a "hardware rootkit" that prevents users from installing custom firmware on the device. The report appears, however, to be based on a misunderstanding of technical issues raised in an XDA discussion thread. The G2 isn't unique in blocking third-party firmware, and it doesn't come with anything that could correctly be described as a rootkit.

In fact, the NAND write-blocking mechanism in the G2 is nearly identical to the one that HTC has included in the EVO 4G and other previous devices. Android modders say that it will eventually be cracked, just like every previous attempt by carriers and handset makers to impede third-party firmware modification. The issue of phone openness is worth exploring, but it's a lot broader and more nuanced than New America realizes.

Practically all carrier-subsidized Android handsets have some kind of mechanism in place to prevent users from installing custom third-party firmware. In order to circumvent these mechanisms, users have to obtain root access. The standard process for "rooting" an Android phone is to find a privilege escalation vulnerability (basically, a security hole) in the underlying Linux platform and exploit it in order to gain sufficient access to the device's filesystem and bootloader so that changes can be made.

Handset makers have developed increasingly sophisticated technical solutions to prevent the phone's platform-level software from being modified in the event that vulnerabilities are exploited. HTC has used a NAND write-blocking mechanism to protect against unauthorized changes on several handsets over the past year, including the HTC EVO 4G and a few others that also predate the G2. It's important to understand that the function of this lockdown is, ostensibly, to protect the user from malware like viruses and worms that might exploit platform vulnerabilities in order to modify the phone in a malicious way.

Technical investigations of the G2's behavior show that it has basically the same NAND write-block mechanism as the EVO, but is a bit more aggressive than the EVO about preventing permanent changes. HTC has indicated that the G2 will restore the original software when changes are made, but some evidence found by the modding community suggests that it doesn't actually work quite that way and might actually be a software defect. Regardless, the modding community is convinced that the G2 will eventually be fully hacked just like the EVO and various Android devices that have attempted to introduce more robust safeguards against tampering in the past.

Steve Kondik, who is known for launching the CyanogenMod third-party Android firmware project, described the blogosphere commentary about the G2 lockdown issue as "just plain wrong" in a post on Twitter. "Please stop saying 'G2 rootkit'. Its not a rootkit, just another attempt to slow us down," he explained. "The G2 root issue isn't any different than the last few phones [HTC has] released, it's the same thing as the NAND lock."

Licensing

New America's contention that the lockdown "undermines" the license is debatable philosophically, but untrue in a purely legal sense. The GPLv2, the license under which the Linux kernel is distributed, does not prohibit device vendors from using technical measures to block modifications of embedded Linux systems. In fact, the practice of blocking the installation of third-party firmware on Linux-based devices is extremely widespread.

The issue first broadly came into the awareness of the open source software community when the Free Software Foundation (FSF) expressed frustration with TiVo's use of code-signing to prevent the installation of non-standard firmware on their popular video recording devices.

The FSF attempted to block that kind of lockdown by prohibiting it in the GPLv3, with a controversial addition that has come to be known as the anti-Tivoization section. The upstream Linux kernel development community emphatically rejected the anti-Tivoization conditions and has often cited it as one of the many reasons why the Linux kernel will not be relicensed from GPLv2 to GPLv3. Linus Torvalds addressed the question of code-signing in a post on the Linux kernel mailing list in 2003.

Google's Android environment and many key components of the platform's userspace stack—including Google's own libc implementation—are distributed under the highly-permissive Apache license, which even allows code to be used in closed-source applications. Google chose this license specifically so that commercial Android adopters like handset makers and mobile carriers would be able to create proprietary derivatives of Android that differentiate their products from those of their competitors.

Like the GPLv2, the Apache license does not prohibit handset makers from blocking third-party firmware modification. Although it's certainly true that preventing users from modifying the software on a device is antithetical to the philosophy held by the Free Software Foundation and many open source advocates (including myself), it does not directly conflict with the license.

Although I sympathize with concerns about how restrictions on the use of third-party firmware negatively impact user freedom, the specific complaints in the New America blog post are misdirected. Nobody should be complaining about the fact that a phone has a built-in mechanism to block unauthorized changes to the platform in the event that a phone's security is compromised. The real problem is the fact that users have to resort to exploiting privilege escalation vulnerabilities to get full access to their phone in the first place.

Framing it as a G2 issue or suggesting that it's unprecedented simply because the G2 hasn't been cracked yet is illogical. I think it's great that consumer advocates and public policy groups like New America want to stand up for the consumer by addressing the problem of closed devices, but they need to start by understanding the real scope of the problem.

This is not an issue that is specific to the G2 or Android phones. It's obviously relevant across the entire spectrum of programmable devices in the consumer electronics ecosystem. One could argue that it even transcends software, because it parallels the problems posed by anti-tamper screw bits that hardware modding enthusiasts have complained about for years.

Carriers

The prevalence of carrier-subsidized handset distribution is likely one of the major reasons why lockdown mechanisms have become so pervasive on handsets in North America. It's definitely not the only reason, but it's a factor that I think deserves some scrutiny.

Carrier-subsidized phones have historically come with technical measures that prevent the phone from being used on other networks, but the carriers are increasingly adding other kinds of restrictions—including irremovable crapware and mechanisms to block third-party firmware—as smartphones become more sophisticated. When the consumer buys a handset on a carrier subsidy, they are accustomed to sacrificing some of their freedom in exchange for the up-front discount that they get from the carrier.

Many consumers who don't want to contend with such restrictions have the option of buying relatively open devices directly from handset manufacturers. For example, Nokia's N900 makes it easy to obtain root access (it's as easy as installing the "rootsh" package from the Maemo Extras repository) and flash non-standard firmware, thus obviating the need for users to exploit security bugs in order to get control of the device. Google's Nexus One and open developer phones are similarly unencumbered and allow third-party firmware.

Consumers, however, continue to vote with their wallets for crapware and lock-in by buying carrier-subsidized handsets. As Google discovered when it launched the Nexus One, the market for open phones is practically non-existent in the United States.

It's important to remember that T-Mobile (the first carrier to sell the G2) still fully allows open devices like the Nokia N900 and Google Nexus One to operate on their network, which means that the company is not preventing consumers from using devices that have replaceable firmware. There is no network neutrality issue in play here; it's simply a question of what capabilities the carriers choose to enable on devices that they sell at a discount.

New America clearly doesn't understand how all the pieces fit together and jumped the gun by targeting the G2 specifically, but I'm hopeful that they will put their enthusiasm to good use by taking a look at the smartphone ecosystem and pursuing policy strategies that can address the broader problem. For example, regulations that require the carriers to be more transparent about the restrictions they impose on the devices that they sell could possibly be a good step in the right direction.

As smartphones continue to evolve into general-purpose computing devices and start playing a bigger role in how people access the Internet, it may become important for consumers to start reclaiming the freedoms that they have conceded to the carriers.

This is one of the major reasons I got the N900, and I've been extremely happy with it. I've never felt like I had to fight the device to make it do what I wanted it to do, or that features were left off just so I could be charged extra for them later.

I think carrier subsidies (and subsidies in general) tend to have an overall negative effect, because they make the manufacturer/seller of a product have a vested interest in the way a user uses the product. If a handset is subsidized by the carrier, the carrier has incentive to make sure the handset only works with their service. If a game console maker is selling consoles at a loss, they have an incentive to make sure it's locked down so people are buying games for it rather than hacking it for non-gaming purposes.

If companies would just charge a fair price for things in the first place rather than charging less upfront and then trying to soak customers later, I think they would generally be less hostile to people trying to use their devices in novel ways.

If a high upfront cost is too much for customers, then a loan is the appropriate solution. If carriers would loan customers the cost of the handset, and just tack on the loan payment on the phone bill, with the customer still being responsible for loan payments even if they cancel service, they wouldn't need locked down phones or long contracts. Also, customers who already have phones wouldn't have to pay an inflated monthly rate that covers a subsidized phone they don't want.

Don't all the fandroids keep talking about how open Android is? Rooting Android on certain phones seems to be just as open as jailbreaking an iphone. I'm confused. What's so open about Android?

There are lots of reasons why it is open that don't require root. For example, replacing your launcher. Can you do that on the iPhone? No way. I can replace my launcher completely with Launcher Pro and never even have the stock HTC Sense Launcher come up. It is gone for all intents and purposes. It even makes my phone faster and more responsive. That's just a simple example. Rooting gives the ability to install custom ROMs along with custom Kernels that add features that are even more personalized. Rooting is in no way required to enjoy Android but it is still great to have. Also the marketplace is very open. For instance the app store does not allow emulators of any kind while SNES, NES, GBA, PSX, and other emulators can be found on the android marketplace and used without rooting.

As Google discovered when it launched the Nexus One, the market for open phones is practically non-existent in the United States.

I don't think this is quite what you mean to say, or rather, it's an oversimplification of the issue. Sales of the Nexus One are not indicative of the market for open and unlocked phones because the Nexus One wasn't truly open in the sense of being compatible with all major US carriers. The Nexus One was originally only compatible with one carrier, and then it eventually gained support for another. It was never compatible with the largest carrier in the US. By the time the Nexus One worked with two carriers there were other smartphone options (iPhone and other Android devices) offered by those carriers that compared well and were significantly cheaper because they were subsidized. What most consumers want in an open phone is carrier choice, not the ability to write, modify, and install your own code. Since the open and unlocked nature of the Nexus One didn't really grant users the true freedom they were looking for (carrier choice) that feature didn't weigh heavily in consumers' buying calculus. Therefore they went with similar or superior devices that were cheaper thanks to the subsidy.

When the smartphone market has a device that will work on all four major US carriers with full compatibility, then I think you'll see a phone's openness as a greater selling point. The market for open phones is pretty significant, in my estimation. Most consumers decry carrier lock-in. It was the Nexus One's carrier limitations that made its openness less important in the buying decision.

Don't all the fandroids keep talking about how open Android is? Rooting Android on certain phones seems to be just as open as jailbreaking an iphone. I'm confused. What's so open about Android?

*sigh* another ignorant iNerd. How hard is it for you guys to understand this simple concept? android is an operating system. The OS is open. The hardware is not part of the OS, so the hardware is not open. Please read the article you are commenting on as to why hardware is locked.

"...the market for open phones is practically non-existent in the United States." is probably true, but I feel like it never got a fair shake. The sweetest phones are always only available from the carriers, so people buy those, and then the manufacturers don't bother to create unlocked versions for other channels.

I paid full price for an unsubsidized G2, but it's still carrier-locked. I'd much rather have thrown my money at some store offering a multiband unlocked version!

Which does fuck-all for having a more "open" phone. You can have at large chunks of Darwin as well, you know.

The only reason the android fans call it "rooting" is so that they don't have to call it "jailbreaking". "Rooting" sounds cooler. In the end though, you have to circumvent protections on both platforms to have a truly "open" phone that allows you full control of the device. But Apple is EVIL and Google is GOOD.

Practically all carrier-subsidized Android handsets have some kind of mechanism in place to prevent users from installing custom third-party firmware.

Wait, so the non-carrier subsidized version of G2 that T-Mobile will sell to me outright without requiring a contract isn't similarly locked? Or did that phrasing just sound so good the validity of what it implied didn't enter into the matter?

As Google discovered when it launched the Nexus One, the market for open phones is practically non-existent in the United States.

I don't think this is quite what you mean to say, or rather, it's an oversimplification of the issue.

jrr_1 wrote:

"...the market for open phones is practically non-existent in the United States." is probably true, but I feel like it never got a fair shake. The sweetest phones are always only available from the carriers, so people buy those, and then the manufacturers don't bother to create unlocked versions for other channels.

Yes, it's an oversimplification. Carrier compatibility and the technical weaknesses of the device itself were also relevant factors. But I think that they would have continued to pursue open handsets and expand the effort if it had shown signs of paying off. They announced it with a lot of fanfare and it must have been a huge investment for them. I don't think that they would have discontinued it the way that they did if it had the potential to work in the long term. I had initially hoped that some competition directly from Google would force the carriers to loosen their restrictions, but I don't think they even viewed it as a credible threat.

Practically all carrier-subsidized Android handsets have some kind of mechanism in place to prevent users from installing custom third-party firmware.

Wait, so the non-carrier subsidized version of G2 that T-Mobile will sell to me outright without requiring a contract isn't similarly locked? Or did that phrasing just sound so good the validity of what it implied didn't enter into the matter?

Probably no difference except they are obligated to carrier unlock the phone for you. Wait, they don't even have to do that.

Wait, so the non-carrier subsidized version of G2 that T-Mobile will sell to me outright without requiring a contract isn't similarly locked? Or did that phrasing just sound so good the validity of what it implied didn't enter into the matter?

If you buy a phone from t-mobile then it will still be locked because it's still a tmo branded phone. The only way to get an unrestricted phone is to buy one that has no carrier branding.

I also strongly disagree with the claim that the North American market buys with its wallet and likes cheaper phones. The problem is that the North American carriers don't offer a reduced-rate plan for those of us that don't need subsidized phones. It's simple economics - if my cell phone bill is going to be the same whether I buy a 600$ unlocked phone, or a 200$ locked phone, there's 400$ on the table there. By taking the subsidized phone, I save 400$.

Now, if the cell companies would let me save 10$/month on my plan by not using a subsidized phone, I'd be all over it. But they'd rather keep that money.

I hope the HTC Desire Z doesn't suffer from this 'feature'. I was seriously considering purchasing it but now am not so sure.

If I buy a phone, I reserve the right to uninstall all the bloat/crapware that carriers insist on forcing down the throat of so many people. No, I don't want a stupid gif of a dancing animal hopping around and making noises for 20 seconds every time I turn on my phone.

As Google discovered when it launched the Nexus One, the market for open phones is practically non-existent in the United States.

I don't think this is quite what you mean to say, or rather, it's an oversimplification of the issue. Sales of the Nexus One are not indicative of the market for open and unlocked phones because the Nexus One wasn't truly open in the sense of being compatible with all major US carriers. The Nexus One was originally only compatible with one carrier, and then it eventually gained support for another. It was never compatible with the largest carrier in the US. By the time the Nexus One worked with two carriers there were other smartphone options (iPhone and other Android devices) offered by those carriers that compared well and were significantly cheaper because they were subsidized. What most consumers want in an open phone is carrier choice, not the ability to write, modify, and install your own code. Since the open and unlocked nature of the Nexus One didn't really grant users the true freedom they were looking for (carrier choice) that feature didn't weigh heavily in consumers' buying calculus. Therefore they went with similar or superior devices that were cheaper thanks to the subsidy.

When the smartphone market has a device that will work on all four major US carriers with full compatibility, then I think you'll see a phone's openness as a greater selling point. The market for open phones is pretty significant, in my estimation. Most consumers decry carrier lock-in. It was the Nexus One's carrier limitations that made its openness less important in the buying decision.

Lack of universal carrier compatibility is a hardware problem that can't actually be solved in the US due to incompatible networks. Verizon is CDMA, ATT is GSM with 3G@1900, T-Mobile is GSM with 3G@1700. This isn't a matter of someone deciding the Nexus One should be less compatible, it's just physically not possible. Even the new "world edition" Droid phones will not be compatible with all 3, I'm guessing the GSM 3G band will be ATT and not T-Mobile.

I bought the ATT version of the Nexus One because the 3G frequency is the most widely used worldwide, and I travel. Internationally, and in Canada, the AWS (1700) spectrum is only used by the smaller budget carriers.

I think one of the big problems is that they are withholding the source and modifications made to the source of the kernel. They say they will release it up to 120 days from now which is much too long. They can lock it down all they like and stay legal but to withhold source for that length of time may be a copyright infringement against those who contributed code to the kernel (releasing modifications after 90-120 days is not acceptable).

Which does fuck-all for having a more "open" phone. You can have at large chunks of Darwin as well, you know.

The only reason the android fans call it "rooting" is so that they don't have to call it "jailbreaking". "Rooting" sounds cooler. In the end though, you have to circumvent protections on both platforms to have a truly "open" phone that allows you full control of the device. But Apple is EVIL and Google is GOOD.

we call it rooting because it's a more accurate word for the root access it's short for. even without it though you can run code that hasn't paid tribute to google and received their blessing

I also strongly disagree with the claim that the North American market buys with its wallet and likes cheaper phones. The problem is that the North American carriers don't offer a reduced-rate plan for those of us that don't need subsidized phones. It's simple economics - if my cell phone bill is going to be the same whether I buy a 600$ unlocked phone, or a 200$ locked phone, there's 400$ on the table there. By taking the subsidized phone, I save 400$.

Now, if the cell companies would let me save 10$/month on my plan by not using a subsidized phone, I'd be all over it. But they'd rather keep that money.

T-Mobile in the USA is fair enough to give you that subsidy discount if you buy outright.

Lack of universal carrier compatibility is a hardware problem that can't actually be solved in the US due to incompatible networks. Verizon is CDMA, ATT is GSM with 3G@1900, T-Mobile is GSM with 3G@1700.

Yes, but there are quad-band phones that support all of the frequencies. It's certainly possible to do, we just don't see it in Android handsets for some reason.

It's important to remember that T-Mobile still fully allows open devices like the Nokia N900 and Google Nexus One to operate on their network, which means that the company is not preventing consumers from using devices that have replaceable firmware.

Is there any example of a carrier actively blocking a device? Are they even able to do so if they wanted to?

As far as I know, adding a device to a network is a matter of inserting their SIM card into your device. When I got my Nexus One, I called my carrier to upgrade to a data plan. They asked me what phone I have and the IMEI, and I told them it's none of their business.

I think one of the big problems is that they are withholding the source and modifications made to the source of the kernel. They say they will release it up to 120 days from now which is much too long. They can lock it down all they like and stay legal but to withhold source for that length of time may be a copyright infringement against those who contributed code to the kernel (releasing modifications after 90-120 days is not acceptable).

That's an entirely separate issue, though also unfortunate. If they get it out in 120 days, they will have done far better than the vast majority of other Android adopters.

Lack of universal carrier compatibility is a hardware problem that can't actually be solved in the US due to incompatible networks. Verizon is CDMA, ATT is GSM with 3G@1900, T-Mobile is GSM with 3G@1700.

Yes, but there are quad-band phones that support all of the frequencies. It's certainly possible to do, we just don't see it in Android handsets for some reason.

Please give me an example of a phone that supports all carriers 3G frequencies. Like I said, the "world edition" Droids (which just came out this month BTW) only support 2G universally.

I also strongly disagree with the claim that the North American market buys with its wallet and likes cheaper phones. The problem is that the North American carriers don't offer a reduced-rate plan for those of us that don't need subsidized phones. It's simple economics - if my cell phone bill is going to be the same whether I buy a 600$ unlocked phone, or a 200$ locked phone, there's 400$ on the table there. By taking the subsidized phone, I save 400$.

Now, if the cell companies would let me save 10$/month on my plan by not using a subsidized phone, I'd be all over it. But they'd rather keep that money.

You can - go with T-mobile. If you get a subsidized phone, you have to be on the "even more" plan. If you BYOP, you can be on the "even more plus" plan, which is contract free and costs $10 less per month. Also, if you don't care about Android services, you can get the $10/month unlimited data plan. So all in all, I have 500 anytime minutes+nights and weekends+unlimited data+3G+free texting via Google Voice for $45/mo on my N900, including taxes and fees.

It's important to remember that T-Mobile still fully allows open devices like the Nokia N900 and Google Nexus One to operate on their network, which means that the company is not preventing consumers from using devices that have replaceable firmware.

Is there any example of a carrier actively blocking a device? Are they even able to do so if they wanted to?

As far as I know, adding a device to a network is a matter of inserting their SIM card into your device. When I got my Nexus One, I called my carrier to upgrade to a data plan. They asked me what phone I have and the IMEI, and I told them it's none of their business.

Lack of universal carrier compatibility is a hardware problem that can't actually be solved in the US due to incompatible networks. Verizon is CDMA, ATT is GSM with 3G@1900, T-Mobile is GSM with 3G@1700.

Yes, but there are quad-band phones that support all of the frequencies. It's certainly possible to do, we just don't see it in Android handsets for some reason.

Please give me an example of a phone that supports all carriers 3G frequencies. Like I said, the "world edition" Droids (which just came out this month BTW) only support 2G universally.

Google's Android environment and many key components of the platform's userspace stack—including Google's own libc implementation—are distributed under the highly-permissive Apache license, which even allows code to be used in closed-source applications.

Don't all the fandroids keep talking about how open Android is? Rooting Android on certain phones seems to be just as open as jailbreaking an iphone. I'm confused. What's so open about Android?

I'll pretend the question was serious.

The big difference is that rooting aside, Android is vastly more open and customizable than its top competition, iOS and Blackberry. So for instance, I have an HTC Evo. It looks nothing like an HTC Evo. Without rooting the phone, I gave it a new launcher, replaced a bunch of default programs, and changed my dock bar into something that is perfectly optimized for me. The home page screen has my local weather, a cloud based to-do list I can update from anywhere, and my schedule. My keyboard is a custom keyboard, my SMS is a powerful beast of a program, and my web browser is most certainly not the default. The phone is pretty and conforms to my style and tastes. In fact, my phone is customized to the point where a non-me person is going to struggle to use it.

An iPhone is an iPhone. Its interface is a screen of shortcuts. You can change your background.. and even that feature wasn't bestowed upon iOS users until the iOS4 update.

Android isn't for everyone. I would probably be more inclined to give my grandmother an iOS device because she can't possibly break it, has no interest in tweaking it to fit her needs, and really just needs a phone built for the masses. I on the other hand am a big nerd and am more than happy to have a phone that lets me tear into the guts and doesn't get in my way if I decide I want to try out a radical keyboard replacement program like Swype. I don't want to be locked into Apple's one-size-fits-all mentality. I am pretty happy that the phone I have is the size of a small tablet and has a freaking kickstand. With an iOS device you don't even get a choice in hardware. Pick your values. There is no one OS to rule them all. Just different OS's that hit different needs. Thankfully, this isn't the old days of the MS monopoly. You actually have a choice.

"Data?"*shakes head quietly**expression of realization* "...Lore.""Right."

Brent Spiner is totally under appreciated.

G**damn right he is.

My two cents: the only thing I think a carrier has a right to lock is:

-- anything that circumvents their network to allow you to get free calls on the cellular network (NOT TALKING ABOUT VOIP HERE: Skype/Fring is a beast of a different color) without paying for use of their network.

-- anything that breaks their contractual marketing arrangements... Yes, this sucks, but the NFL did pay Sprint to have a NFL app on all of their phones even on customers who don't watch sports at all. I get that, really, I do. Now that the agreement is over, the app needs to go. (As long as Sprint holds on to Nascar's penultimate race, I understand why that app is there, even if I don't like it.)

-- any program or app designed to break the Master Subsidy Lock on a device before someone's lease is up.

Aside from those three things, I don't see why Root access is such a big deal. Hell, if there was a password lock on the device that upon entering a passcode provided by your carrier, your phone is rooted and you can edit the firmware all you want, I'd be agreeable on that. In order to get the password, set some ground rules:

-- If your phone is still within a return period, you can't have the passkey.

-- Once rooted, it's yours for keeps: Rooted devices can not be activated on the network for anyone else but you: you can't resell the phone to anyone else on the same network. This would prevent eBayers and private sales folks from selling a "DOA" device to a Sprint user with no hope of getting the device to ever work, as well as successive network technicians from diagnosing hacked equipment. If you want to sell the used phone to someone else later to subsidize your next phone purchase, don't root it.

-- Once you ask for the passkey, you sign a piece of paper stating that Sprint is no longer responsible for the modifications on your device, and once signed, will refuse to service or help you with your device, upgrades, or other non-service (meaning "on their end" network related problems.)

With regard to the lockdown for the sake of security issue, I have an idea for a solution. Implement a key press combination, similar to those already used to access recovery mode, that enables root access. Make this physical key press combo the ONLY way to gain root access. Without a means to gain root access through software, there's no security hole for the manufacturers to worry about, and the end users have optional root access to mod their phones. If security truly is the rationale behind the lockdowns, wouldn't something like this solve the problem? Linux/hardware geeks: is this even possible?

Edit: uninventiveheart beat me to the punch with a better implementation. Two great minds. . . ;-)

I think one of the big problems is that they are withholding the source and modifications made to the source of the kernel. They say they will release it up to 120 days from now which is much too long. They can lock it down all they like and stay legal but to withhold source for that length of time may be a copyright infringement against those who contributed code to the kernel (releasing modifications after 90-120 days is not acceptable).

That's an entirely separate issue, though also unfortunate. If they get it out in 120 days, they will have done far better than the vast majority of other Android adopters.

Don't all the fandroids keep talking about how open Android is? Rooting Android on certain phones seems to be just as open as jailbreaking an iphone. I'm confused. What's so open about Android?

Android is pretty open as mobile OSes go. The operating system as distributed by Google is quite open. That doesn't mean that manufacturers (and to a greater extent carriers) can't set it up so that the user is not granted root access by default. Typically it's so that they can prevent people from accidentally screwing anything up or more often so carriers can prevent access to system files in order to brand and sell or restrict built-in features like network sharing (tethering) or removal of apps that the carrier is paid to include.

The nice thing is that it's pretty easy to unlock these artificial barriers created by carriers and take control of your phone. I just think of it like your company's IT department giving you a non-root/admin account by default because lots of users will end up installing malware or software that the company doesn't want you to run. The computer is perfectly capable of running all kinds of software but the company has decided that they will cut down on network issues and help calls by giving you a limited account.

Likewise, Android can run all kinds of software but Motorola and Verizon or HTC and Sprint have done what they can to keep the casual user from screwing up the phone, their network, or their business plan. Thankfully, anyone who knows what they are doing can essentially install a copy of the OS that includes root access, just like you can always reinstall the OS on your work computer. At that point it's just up to you to make sure you don't screw anything up or do anything that will cause you to get kicked off the work network. In the case of phones it's a little different since the hardware is yours rather than your company's but at the same time, you are using the carrier's network so you run the risk of breaking the agreement under which you are allowed to use said network. If you signed a contract stating that you wouldn't run a web server or download torrents or whatever, the carrier can legally kick you off for breaking said agreement and since a smart phone without a network can be less than useful, you want to do what you can to be reasonable if you want to keep your service.

I rooted my Evo early on because I know the risks of installing untested software or screwing with system files. I like having the ability to install what I want even if it requires system access. At the same time I know that my Sprint contract is still an agreement and that if I do something to eff up the network they can legally give me the boot. As such, I don't abuse the service and use the device responsibly.

tl;dr: it's not a whole lot to do with the Android OS as distributed by Google. It's more an issue of carriers wanting to assert a certain level of control in order to maintain stability and sell their branded services like phone-as-modem. You can do that stuff but make sure you don't run afoul of the carrier if you enjoy having service. Sucks sometimes but they are providing a valuable service and you have to work within their rules at least to some extent if you want them to keep providing said service.

Carrier restrictions are the reason I always bought my phone separate from my subscription. Until I got an iPhone, and that turned out to be a one time experiment. At this moment Nokia is testing my patience with the N9, I'm waiting for that as I expect the non-subsidized version to be as open as the N900 and sport a capacitive touch screen and a less bulky housing.